Overview of the SD-WAN
The software-defined wide area network (SD-WAN) is a technology for configuring and implementing an enterprise WAN — based on software-defined networking (SDN) — to effectively route traffic to remote locations such as branch offices. SD-WAN technology derives significant flexibility and agility benefits from removing the burden of traffic management from physical devices and transferring it to software.
The main SD-WAN benefits
SD-WAN adoption is growing rapidly because the technology provides a wide range of important operational and financial benefits, including:
Agility: SD-WAN routers can combine the bandwidth of multiple WAN connections. Organizations using SD-WANs can easily add or remove WAN connections as needed. They can also combine cellular and fixed-line connections.
Cost: Internet links are generally much less expensive than carrier-grade MPLS connections, which are typically encumbered by long provisioning times and expensive contracts. SD-WAN technology also allows organizations to effectively leverage all available network connections to their full capacity without worrying about maintaining idle backup links.
Security: SD-WAN can improve network security by end-to-end encrypting WAN traffic as it moves from one location to another, and by segmenting the network so that if a breach occurs, the damage is minimized.
Reliability: SD-WAN routers connect multiple internet links from different providers to maintain high availability in the case of link failure.
Performance: SD-WAN technology uses the internet to create secure, high-performance connections, eliminating the backhaul penalties imposed by MPLS networks.
Adoption: Distributed organizations, as well as those moving toward the adoption of IoT technology, should evaluate SD-WAN solutions in terms of ease of use, manageability, ability to integrate with existing MPLS networks and the intelligence to automatically adjust traffic flows to accommodate network conditions.
The market of SD-WAN
The revenue of SD-WAN market is predicted to register around 58% growth to cross a industry valuation of USD 17 billion by 2025. This market growth is driven by the rising adoption of SD-WAN solutions among enterprises to simplify network management. Such solutions enable network administrators to have complete control over their network and are widely deployed by organizations that have remote offices as they provide centralized management to control all the network assets remotely. It also substitutes some or all expensive Multiprotocol Label Switching (MPLS) with low-cost broadband links enabling enterprises to save huge costs. As SD-WANs offer huge cost savings to adopters, the demand for these solutions is expected to accelerate over the forecast timeline.
Maipu Software-Defined Branch
Maipu Software-Defined Branch Solution improves traditional WAN network and solves problems on several points, beginning with:
• The WAN—Enables the use of 4G/5G LTE internet to replace expensive MPLS services.
• The LAN—Integrated a certain number of LAN interfaces to replace independent Ethernet switch, Flattens the branch into one device.
• Centralized Service—Supports hundreds of locations online every week by using non-technical local supporting teams with centralized services.
Maipu Mobile SD-Branch extends the software-defined aspect to all elements of the branch, delivering a full-stack solution, including features such as:
• Zero touch provisioning (ZTP) through SMS au­to configuration or Pre-configuration for new branch locations. Scale-out cloud management enables rapid growth in the number of branch sites.
• SD-WAN statues visibility and control through cloud-managed platform.
• Realizing End-to-End Security through rich overlay VPN technologies.
• A consistent policy approach to LAN&WAN for traffic segmentation, isolation, and path selection­.
Figure 1 Maipu Mobile SD-Branch integrated into existing WAN design
The Maipu Mobile SD-Branch solution consists of three main components:
• Cloud management—Maipu E4G Controller, a cloud-based management platform, offers a central point of management and control for all Maipu SD-Branch Mobile Routers. Maipu E4G can automatically configure the SD-WAN overlay VPN and provide visibility views of the network. Maipu E4G also aggregates and correlates diverse sets of information in order to provide insights into network operations.
• SD-Branch gateway—The gateway is the appliance at the branch that connects to Mobile WAN uplinks and the end-point in the LAN. The branch gateway is a policy enforcement point for wired, wireless, security, and WAN policies including routing. The gateway functions include Routing, Switching, IPsec/GRE/L2TPv3 VPN, QoS, and WAN path selection or load-balancing. The branch gateway software function is running on the Maipu MP1800X/MP1900X/MP2900X access series.
• VPN Concentrator—The VPN concentrator is running at the headend in hub-and-spoke topologies, terminating IPsec/GRE/L2TPv3 VPN tunnels. The VPN concentrator software function is running on the Maipu MP3900X/MP7300X aggregation series.
Figure 2 Maipu SD-Branch Product Line Family
Maipu SD-Branch Key Features
• Central management—Maipu E4G SD-WAN platform provides centralized management, monitoring, and troubleshooting of 4G SD-WAN gateways. It allows for simple branch startup by SMS OTP configuration. Extensive use of templates allows for complete remote configuration. Maipu E4G decrease on-site network installation cost.
• Real-time monitoring—Maipu E4G SD-WAN platform provides Cloud-managed for each branch site. Network administrators can monitor network status remotely 7*24 hours.
• Real-time alarm—Maipu E4G SD-WAN platform provides real-time alarm for troubleshooting.
• Configuration Update—Maipu E4G SD-WAN platform provides remote update for new configuration.
• Rich-Report—Maipu E4G SD-WAN platform provides rich-reports and logs for audit.
• Patch Upgrade—Maipu E4G SD-WAN platform provides remote patch upgrading for new IOS.
Figure 3 Maipu Mobile SD-Branch Cloud Management Platform
• Multi-WAN Auto Switching—Real-time detection the packet loss of Multiple WAN links through IP Track technology， realizing multi-WAN auto switching based on the links quality.
• Load Balancing—You can use policy route for traffic load balancing to multi-WAN links, such as source & destination IP address.
• Traditional WAN Compatibility—For the customers who are still using traditional WAN links, such as V.35, E1, CE1, STM, Maipu branch gateways can realize backward compatibility.
• Rich VPN Technologies—Maipu branch gateways and VPN concentrators support high-performance IPsec/GRE/L2TPv3 VPN for se­cure overlay networking across the Internet or other untrusted networks.
• VPN Tunnel Fast Switching—Fast switching between multiple VPN tunnels can be achieved by combining with BFD and SLA protocols.
• 802.1X Authentication—Maipu branch gateways support 802.1X authentication for LAN security access. In a branch, only legal terminals have rights to access to LAN network.
Maipu MP1800X/1900X/2900X series branch gateway is best suited for small and midsize businesses, enterprise branches, and as customer premises equipment in SD-branch environments. The routers come with 4, 8, 24 or 48 LAN ports in various model options. There are multiple combinations to choose from, including LAN, WAN, LTE, and pluggable technology, depending on your branch requirements.
• MP1800X Series—For small office scenarios within 10 employees, 1*WAN+4*LAN interfaces, 1 or 2 LTE uplinks
• MP1900X Series—For small size branch scenarios within 25 employees, 2*WAN+8*LAN interfaces, two extension slots for pluggable modules such as V.35, E1, CE1, STM-1, LTE, etc.
• MP2900X Series—For midsize branch scenarios within 100 employees, 4*WAN+24/48*LAN, four extension slots for pluggable modules such as V.35, E1, CE1, STM-1, LTE, etc.
Maipu MP3900X/7300X series VPN concentrator provide a software defined WAN platform that aggregates multiple WAN connections and VPN concentration. The concentrators contain both hardware and software redundancy in an industry-leading high-availability design.
• MP3900X Series—For midsize customers who has 500-1000 branch offices. It supports 2K IPsec VPN tunnels, more than 1Gbps VPN encryption performance.
• MP7300X Series—For large size customers who has 1000-2000 branch offices. It supports 4K IPsec VPN tunnels, more than 2.5Gbps VPN encryption performance.
As a centralized, cloud-delivered WAN architecture, Maipu SD-Branch solution makes it easy to scale across thousands of endpoints, whether they are in the office, branch or campus. IT has the ability to automate zero-touch deployment globally, using a single management interface. In the event of link failure or link degradation, smart routing can dynamically handle the traffic between dedicated circuits and secure Internet connections to drive constant delivery of business-critical applications.